Bug 2067081
| Summary: | Impossible to reset linux-bridge vlan-filtering with vlan: {} | |||
|---|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Quique Llorente <ellorent> | |
| Component: | Networking | Assignee: | Christoph Stäbler <cstabler> | |
| Networking sub component: | kubernetes-nmstate | QA Contact: | Aleksandra Malykhin <amalykhi> | |
| Status: | CLOSED ERRATA | Docs Contact: | ||
| Severity: | high | |||
| Priority: | medium | CC: | amalykhi | |
| Version: | 4.10 | |||
| Target Milestone: | --- | |||
| Target Release: | 4.10.z | |||
| Hardware: | x86_64 | |||
| OS: | Linux | |||
| Whiteboard: | ||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | ||
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 2069086 (view as bug list) | Environment: | ||
| Last Closed: | 2022-07-20 07:46:10 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | 2104938 | |||
| Bug Blocks: | 2069086 | |||
*** Bug 2069086 has been marked as a duplicate of this bug. *** Verified on
Cluster version is 4.10.23
kubernetes-nmstate-operator.4.10.0-202207140916
Steps to reproduce:
$ cat <<EOF | kubectl apply -f -
apiVersion: nmstate.io/v1
kind: NodeNetworkConfigurationPolicy
metadata:
name: linux-bridge-vlan-filtering
spec:
desiredState:
interfaces:
- name: dummy1
type: dummy
state: up
- name: linux-br0
type: linux-bridge
state: up
bridge:
port:
- name: dummy1
stp-hairpin-mode: false
stp-path-cost: 100
stp-priority: 32
vlan:
mode: trunk
trunk-tags:
- id: 101
- id-range:
min: 500
max: 599
tag: 100
enable-native: true
EOF
nodenetworkconfigurationpolicy.nmstate.io/linux-bridge-vlan-filtering created
$ oc get nnce
NAME STATUS
master-0-0.linux-bridge-vlan-filtering Available
master-0-1.linux-bridge-vlan-filtering Available
master-0-2.linux-bridge-vlan-filtering Available
worker-0-0.linux-bridge-vlan-filtering Available
worker-0-1.linux-bridge-vlan-filtering Available
$ oc get nns ci-ln-fs3cvbk-72292-fkm59-master-0 -o yaml
apiVersion: nmstate.io/v1beta1
kind: NodeNetworkState
metadata:
name: ci-ln-fs3cvbk-72292-fkm59-master-0
...
status:
currentState:
...
interfaces:
...
- bridge:
...
port:
- name: dummy1
stp-hairpin-mode: false
stp-path-cost: 100
stp-priority: 32
vlan:
enable-native: true
mode: trunk
tag: 100
trunk-tags:
- id: 101
- id-range:
max: 599
min: 500
ipv4:
address: []
dhcp: false
enabled: false
$ $ cat <<EOF | kubectl apply -f -
apiVersion: nmstate.io/v1
kind: NodeNetworkConfigurationPolicy
metadata:
name: linux-bridge-vlan-filtering
spec:
desiredState:
interfaces:
- name: dummy1
type: dummy
state: up
- name: linux-br0
type: linux-bridge
state: up
bridge:
port:
- name: dummy1
stp-hairpin-mode: false
stp-path-cost: 100
stp-priority: 32
vlan: {}
EOF
nodenetworkconfigurationpolicy.nmstate.io/linux-bridge-vlan-filtering configured
[kni@provisionhost-0-0 ~]$ oc get nnce
NAME STATUS
master-0-0.linux-bridge-vlan-filtering Available
master-0-1.linux-bridge-vlan-filtering Available
master-0-2.linux-bridge-vlan-filtering Available
worker-0-0.linux-bridge-vlan-filtering Available
worker-0-1.linux-bridge-vlan-filtering Available
$ oc get nns ci-ln-fs3cvbk-72292-fkm59-master-0 -o yaml
apiVersion: nmstate.io/v1beta1
kind: NodeNetworkState
metadata:
...
name: ci-ln-fs3cvbk-72292-fkm59-master-0
status:
currentState:
...
interfaces:
...
- bridge:
...
port:
- name: dummy1
stp-hairpin-mode: false
stp-path-cost: 100
stp-priority: 32
ipv4:
address: []
dhcp: false
enabled: false
...
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.10.23 bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2022:5568 |
Description of problem: To reset vlan-filtering from a linux bridge it was possible to specify "vlan: {}" at the bridge port, this is no longer the case and it get merged with previous vlan config so it isn't reset. Version-Release number of selected component (if applicable): kubernetes-nmstate-handler-container-v4.10.0-49 How reproducible: Always Steps to Reproduce: 1. Create a linux-bridge with vlan-filtering cat <<EOF | kubectl apply -f - apiVersion: nmstate.io/v1 kind: NodeNetworkConfigurationPolicy meta: name: linux-bridge-vlan-filtering spec: desiredState interfaces: - name: dummy1 type: dummy state: up - name: linux-br0 type: linux-bridge state: up bridge: port: - name: dummy1 stp-hairpin-mode: false stp-path-cost: 100 stp-priority: 32 vlan: mode: trunk trunk-tags: - id: 101 - id-range: min: 500 max: 599 tag: 100 enable-native: true EOF 2. Reset the vlan-filtering at the bridge cat <<EOF | kubectl apply -f - apiVersion: nmstate.io/v1 kind: NodeNetworkConfigurationPolicy meta: name: linux-bridge-vlan-filtering spec: desiredState interfaces: - name: dummy1 type: dummy state: up - name: linux-br0 type: linux-bridge state: up bridge: port: - name: dummy1 stp-hairpin-mode: false stp-path-cost: 100 stp-priority: 32 vlan: {} EOF Actual results: Vlan configuration is still there The vlan configuration is still there kubectl get nns -o yaml |grep vlan -A 8 vlan: enable-native: true mode: trunk tag: 100 trunk-tags: - id: 101 - id-range: max: 599 min: 500 Expected results: The vlan configuration should be gone Additional info: It was discover as part of https://github.com/nmstate/nmstate/pull/1830, it also found that there is a false possitive at the test_disable_vlan_filtering_on_bridge integration test